Technology Loaner Program - Touchless Preparation
This article provides an overview of the Touchless Prep option available to IT units to prepare Windows laptops from the Technology Loaner Program for their faculty and staff.
University of Illinois IT Pros leveraging the Technology Loaner Program
The Technology Loaner Program (TLP) provides loaner technology for students, faculty and staff that may otherwise be unable to complete their studies and work due to technological barriers. When using the Touchless Prep method, a TLP laptop will be shipped directly to a faculty/staff member's residence along with printed instructions to contact their IT support unit for assistance with configuring their laptop. Once it's received, an IT professional can remotely configure the laptop using a remote screen sharing service (such as Bomgar).
Note: Name your computers with either a “COVID19-” or “TLP-” prefix to avoid Endpoint Services charges for TLP computers.
- User receives laptop and contacts IT pro prior to powering on the laptop
- User powers on the laptop. The IT pro can walk the user through the initial out-of-box experience and setup.
- It's recommended to select 'Domain join instead' and create a local account rather than using a Microsoft account
- Once in Windows, have the user access their University email via webmail
- Using the Bomgar Representative Console, IT pro generates a Bomgar session and sends email with session link/information to user. User clicks link in email to download and launch Bomgar EXE.
- Once the IT pro has control of the remote laptop via Bomgar, elevate privileges for the Bomgar session.
- Install the Cisco AnyConnect VPN. Ideally, configure the VPN to be available at the Windows login screen.
- IT pro launches and connects the Cisco AnyConnect VPN. Bind the laptop to Active Directory. Install CrowdStrike Falcon and, if using Endpoint Services, install the MECM client using your normal procedures. Restart the computer.
- Have the user launch and login to the Cisco AnyConnect VPN at the Windows login screen.
- Have the user login to the laptop using their NetID and password.
- Ensure that the newly-bound endpoint is receiving group policy before proceeding with MECM install
- MECM client installation can be done via Client Push, however it will take time for a newly-bound endpoint to show up in the appropriate device collections in order to be targeted.
- Manual MECM client installation is a faster but more involved option, if the IT Pro wishes to do so while remoted in.
- In either case the endpoint must be on the VPN and must remain there until provisioning is complete.